276
A Practical Guide to Security Assessments
13. Acceptable use of IT resources.
• Is there a documented Acceptable Use policy?
• Has human resources (HR) or management ever discussed what is considered acceptable use of IT resources?
• Have you ever signed an Acceptable Use policy?
Guidance:
For many people, the concept of Acceptable Use is a matter
of common sense. However, many do not know about the policy or have never
seen one in writing. You might see a case where an Acceptable Use policy
exists but there is no formal acknowledgment that employees have read
it and understand it. For a company to be able to use Acceptable Use as
a basis for disciplinary or legal action, it must prove that the employees
read the policy. Ideally, this acknowledgment is something that HR should
ensure happens and should track with new and existing employees.
Client Response:
14. Physical security.
• What physical security measures are in place for the areas of the facility you access?
• Do you have any sensitive information in your desk or office and if so, how is it secured?
• Do you practice a “clean desk” policy when you leave the office?
• Do you use screensavers on your computer?
• Do you shred sensitive documents before throwing them away?
Guidance:
Physical security measures are something that most employees
encounter on a daily basis. The purpose of this question is to get perspective
from employees about what physical security measures are in place.
The answer to this question will help you validate the more detailed
questions related to physical security.
Client Response:
AU1706_book.fm Page 276 Wednesday, July 28, 2004 11:06 AM